Computer Support Forum

Should malware removal programs be renamed for security reasons?

Question: Should malware removal programs be renamed for security reasons?

On the internet I have seen several times the advice to change the name by which a particular malware removal program is known, since some malware recognizes the files or the ---.exe and then prevents its installation onto an infected computer or its execution, even if the program was installed on the computer before the infection took place.
This was advised for TDSSKiller (tdss.exe should be renamed to e.g. whatever.com)
Malwarebytes AntiMalware should be renamed before using it on an infected computer.
See e.g.
How To Easily Remove Google Redirect Virus
http://www.usenetmessages.com/view.p...&id=476887&p=C

Can anyone say anything about this? And should this also be done routinely with other malware removal programs? If that would really be necessary/advisable then why wouldn't the providers give you the choice of renaming by asking if you want to, or simply give you no choice but rename their product? Probably not many people would ever think of doing it themselves.

Relevance 100%

Answer: Should malware removal programs be renamed for security reasons?

I'm perhaps being rather cynical, but I'm very suspicious of articles that have a link to a 'registry cleaner' or any other so-called utility that claims to clean or speed up your computer.

I'm of the opinion that some of these can easily corrupt your registry or your system.

Microsoft Security Essentials along with Malwarebytes and ignoring suspicious web pages or links has kept my computer free of viruses so far.

As for renaming Malwarebytes, I certainly wouldn't do it. If the door is already open, the undesirable alien is already in and only its removal will suffice.

The door needs to be locked, not just have its name changed.

6 more replies
Relevance 72.98%

Total Security 2009 removal help needed please - Can't run anything including a renamed version of hijack this.

Man this thing is a bugger...

Would be thankful for any help at all on this nasty guy.

M

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by SHARIK at 9:57:15.78 on Sun 08/23/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.591 [GMT -5:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {5727669C-2FEF-4657-BF2D-5DC46C76AB9C}
FW: Symantec Protection Agent 5.1 *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Symantec\SPA\smc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Symantec\SPA\SmcGui.exe
svchost.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
... Read more

Answer:Total Security 2009 removal help needed please - Can't run anything including a renamed version of hijackthis

UPDATE -

I found the fix for this.

Step 1 - format drive
Step 2 - Reinstall OS

Works great now...

2 more replies
Relevance 63.55%

Hi,

I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable).

I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,

I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince me I was riddled with viruses and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.

Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86
Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst... Read more

3 more replies
Relevance 63.14%

I did a hijackthis scan and here's what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:17 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynT... Read more

Answer:Malware Blocking Access to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 59.45%

I'm at a friend's house for the next 2 days and she wants me to fix her computer. She says she got the PC as payment in return for a construction job on someone's house a couple years ago, and the computer has been freezing up with a BSOD when she or her kids use it to go online. I'm in school learning to be a computer tech, I'm on summer vacation, I have no job (yet) but I'm looking for my hands-on experience in PC tech stuff. Earlier today I tried to wipe that computer's HDD and reinstall Windows XP from a Microsoft XP_sp2 disc, but before it would go into the install process, I got a BSOD with a 0x0000007B stop error that said to run chkdsk to test for HDD corruption. However, the computer boots up into XP normally. The friend wants to know if it has a virus on it and what kind of malware removal program I could recommend/install for her, but I'm stumped on this - so can you recommend any free complete malware scan and removal programs that I could d/l and install on her computer so she will not have to keep paying monthly/yearly fees on it? She does not have a lot of money to spend.

Thanks in advance.

Answer:Free malware removal programs - help?

1) You want to install sp3 not sp2. You can build a slipstream cd with nlite.
2) I would not try to clean the system of malware, I'd install from scratch.
3) BOOT to the Windows CD (you cannot install from within the OS) and first choose a FULL format (that will run chkdsk /r prior to formatting). You will need the sata driver(s) for the HD.
4) To answer your question more directly, good free AV apps include Microsoft Security Essentials, Avira and Avast. Good free malware apps to install in addition to an av app are MalwareBytes and/or SuperAntiSpyware

5 more replies
Relevance 59.45%

just wanted to say thanks to whoever wrote those removal programs, combofix and the mgtools one, they work great! thanks.
btw i had a problem with someone's computer, loaded with malware, avg and spybot took care of most of it, and i have a little know-how with hijackthis, but even after i ran those, i still had problems. the control panel was gone. and i kept getting messages saying something like "u do not have permission to do this..blah blah blah". but i ran combofix and everything is fine now. ran followup scans and nothing is there anymore.

thanks.
 

Answer:a big thanks to whoever makes the malware removal programs

You're welcome. We are happy to hear they helped you out.
 

1 more replies
Relevance 59.45%

First, let me give you all at BleepingComputer major, major props. I appreciate all the work you all do and everyone should be very thankful to have such a great resource & community available. Can't thank you enough.

I don't know if my computer is infected with any type of malware, but based on the symptoms I believe it probably is.

Today I was playing around with my TV Tuner & Orb software (allows me to access my TV Tuner when traveling, similar to a slingbox), and while configuring the TV Tuner I downloaded a couple of driver versions and had to update and install different versions of Adobe Flash Player, VLC Video Player, and the TV Tuner Drivers from various sources and visit unknown websites to get info on some details of my cable service/ Tv Tuner and things like that.

Symptoms (I have included screenshots to help explain what's happening):
-Malwarebytes Free Version freezes on both Full & Quick Scans after a very short period of time - (usually on: "currently scanning: c\windows\system32\zipfldr.dll")
-Microsoft Security Essentials freezes when the scan starts
-SuperAntiSpyware's scanning interface never pops up (when I click "scan your computer" nothing happens)
-Spybot Search & Destroy does not start at all
-Unable to use VLC Video Player (The first 'problem' I noticed today)

Browsing Status:
-Normal Web-browsing in IE, Firefox (default browser), Chrome. No redirections or pop-ups noticed

Anti-Malware Progr... Read more

Answer:Unable to use various Malware-Removal Programs

I noticed the Microsoft Security Essentials animated system tray icon still moving so I thought I'd take a look-

So although when I initially started the scan nothing happened, I guess it's working a little bit at least

Interesting that the "Time Elapsed" is 27:11 when in reality I started the scan at 10:36 (so it should show around 53minutes).

The program appears to be frozen/stuck on this screen for now...

Not sure what to make of this, but I thought I should keep this updated.

Thanks again

2 more replies
Relevance 59.45%

Exactly ~.~ I don't know what I did. I also cannot go to web pages having to do with any of those topics; it closes out all of my web browsers currently running
 

Answer:Help, can't run SpyWare/Malware removal programs

16 more replies
Relevance 59.45%

I believe I have a virus, I had a strange pop up telling me I had a virus and to call Cox my net provider. I called them not using the number the pop up said to use. They said it sounded like I had a virus. I ran MBAM pro, CC cleaner, McAfee, and Hitman and Rogue Killer. The only one that picked anything up was Rogue Killer. Hitman picked up 38 traces. I decided I needed to run through your malware removal cycle.
My question: I already have Malwarebytes Pro on my computer and you say to download it and rename it. Do I need to uninstall my pro and then download again? Same with CC Cleaner?

I am at the point in the removal process where I am downloading the programs.
I have a Dell Desktop running Win 10, 64bit, Core i56400, 8gig Ram, 5 months old.
Please advise what to do about the programs I already have downloaded. Thank you.
 

Answer:Question About Programs When Doing Malware Removal

mladynicole said:

Do I need to uninstall my pro and then download again? Same with CC Cleaner?

No, just use the versions you have. As long as they are up to date with version and database.
 

9 more replies
Relevance 59.45%

Hi - I am having a problem with my Dell laptop, which runs MS Windows XP SP3. A few days ago I started getting an error message shortly after startup saying that the "DCOM server process launcher terminated unexpectedly and Windows must shutdown" with a 60 second timer. I can stop the shutdown using Start/Run/shutdown -a. The computer will then work, but I continue to get pop ups saying the computer is infected. When using IE to search the internet, I constantly get redirected and get pop ups urging me to install "Antivirus Pro 2009." I have Malwarebytes, Superantispyware, and Combofix installed on the computer, but I can't run them - I just get the egg timer for a few seconds, then nothing. I tried in safe mode and also from a memory stick and still can't run the programs. I also can't download new versions of the programs or any other Malware-related programs, such as HijackThis - I just get redirected or I get a message that IE cannot display the download page. I also cannot get to your site, so I am using another computer to contact you. I went through your cleaning procedure and was able to get through Steps 1 and 2; however, I can't do Step 3 since none of the programs will run. Any help would be appreciated.

Thanks,
Bobny
 

Answer:Infected and Can't Run Any Malware Removal Programs

Welcome to Major Geeks!

I know you indicated you have started to run the READ & RUN ME, but follow along with the tips/notes below and try ALL steps. Make sure you also follow the instructions about renaming files.

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.
READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

16 more replies
Relevance 59.45%

Hi all,
First, let me say thank you for being available to help people you've never met, because I'm sure there are a lot of us out here.

I recently downloaded a sketchy file which infected my computer. I scanned it with several programs before opening it, and it came up clean, but alarms went off as soon as it ran. I immediately deleted the file but it was too late. When I started running removal programs to clean up, each one crashed and wouldn't open again. I googled for the symptoms and came up with the msa.exe virus/malware. I followed some removal steps I found and seem to have deleted the file from my windows directory, but I don't know if it's gone. I also found process a.exe running which seems to be associated with the monopod virus, but I don't know this for sure either. I have tried running Spybot, Adaware, SUPERAntiSpyware, AVG Antispyware, Windows Defender, and have also since tried to install and run WinPatrol without success. Most of these programs will start up once, but crash during scans and after that will not open. I'm often told I don't have privileges when trying to run them again or even re-install.

As for my log files, I can't seem to run DDS, so I don't have the log for it. I don't have any script blockers that I know of to disable. The GMER file is attached as instructed. Also, I am running WinXP Home, SP2 (I didn't realize there was a SP3 until recently or I would have updated). I DO NOT have the CD or boot disk however; it cam... Read more

Answer:Malware that attacks removal programs

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


Please download Rkill from any one of these links and save it to your desktop.

Rkill.com
Rkill.scr
Rkill.pif


Now double click on Rkill to run it. Do not reboot.



Combofix
Download ComboFix from one of these locations:

Link 1
Link 2


and rename it to glasgow.exe before saving it to your desktop.

Double click on the renamed ComboFix.exe & follow the prompt... Read more

19 more replies
Relevance 59.45%

Hi,

Thanks to Twin Headed Eagle, my PC is now clean. However I have the following programs I just can't seem to uninstall.
aswMBR, JRT, FRST, and shadow explorer
I have tried the "add/remove program" utility but they don't show up
I have tried http://www.avast.com/uninstall-utility It doesn't find aswMBR
I have also tried http://www.revouninstaller.com/ It doesn't find any of them
The last 2 I downloaded from the article http://malwaretips.com/threads/list-of-uninstallers-and-removal-tools-for-antivirus-software.299/

Can anyone help me uninstall these please?
 

Answer:How do I remove malware removal programs?

Sorry, I overlooked that.

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore
Click Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. Tool will create a report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

4 more replies
Relevance 59.45%

I've got a virus. A rare occasion in itself, but this keeps popping up again and again ( trojan in Windows Trusted Installer exe) despite Avast putting it into quarantine. So it's time to take more drastic measures.

I'm just wondering if those same programs in sticky, that worked in XP, will still be as effective in Windows 7 or 8? Have the programs been updated?


Meanwhile, is there any way I can temporarily disable the Trustedinstaller.exe in Windows/services ?
 

Answer:Malware Removal programs in sticky?

Just follow the instructions in the Read and Run First sticky for your system. Then attach the requested logs.
 

1 more replies
Relevance 59.45%

I had a recent Malware infection (Vista Security 2012). I am running Vista 32 bit, 2.5 GB ram, 1.73 ghz. I used Malwarebytes to remove it and only could execute it by running as admin. It removed the Malware issue but now cannot open any program on my computer without a prompt saying "choose the program in which you want to open this program with". Malwarebytes quarantined 2 files, 1 registry data and 1 registry value.

Are my registry values now corrupted and/or missing? I also noticed that my sidebar no longer loads upon boot up and also a few taskbar items are missing (touchpad icon and a few others) as if it's in selective start-up. I also did a full Mcafee scan after the malware was removed and reported no issues. I can open any program but only right clicking it as an administrator.

Thanks for any help.

Answer:Can only run programs as Administrator after Malware removal

Download

http://www.winhelponline.com/fileasso/exefix_vista.zip

Extract and run the registry fix

Click YES to import it into registry

Try to launch applications now

Good luck

2 more replies
Relevance 59.45%

Hi...

Firstly Thank you to everyone who helps out on the forum.
I was infected with Malware ....which I have managed to remove ...by reading up on this forum...!

I used Malwarebytes antimalware and superantispyware.

I was wondering though....are these the ultimate best programs for Malware / Adware /Spyware removal...?

Are there other programs which are better....?.....What are your thoughts?

Any help appreciated.

Thanks.

Answer:What is the best Malware/Adware removal programs...?

I feel those are the 2 best in that category. Short and sweet.

2 more replies
Relevance 59.04%

When I try to run the Sysinfo, the message is MacFile opener can't be opened.
I have a Mac mini, late 2009, OSX El Capitan, version 10.11.6
I had MacKeeper security software for years.
2 weeks ago I allowed them to remotely reconnect the MacKeeper and run a cleanup to regain memory space.
They called the service MacKeeper Remote Assistance.
Now my computer password does not work, I can't access iCloud and I can't open system preferences.
I believe my computer has been compromised.
MacKeeper is owned by Kromtech.
I have no transportation to take my computer to be checked out.
Does anyone have an idea what I can do to get rid of this?
I would appreciate any suggestion
 

More replies
Relevance 59.04%

I have a custom built computer about 6 years old. I have Windows XP Home. I use AVG Anti-Virus free version 7.5 and SpyBot.

I am a personal property appraiser and after not having used my computer for about five months because of open heart surgery I am getting back to work. Recently started working on an appraisal that visited several foreign (Japan, China, Germany) sites.

During the past week I noticed that when searching on google and get zillions of hits on a subject I would click on the hit and at the connection find that it had nothing to do with what I was looking for...often a listing of services, clicking back sometimes took me to the desired site but often instead of being misdirected nothing happened until I got the message "not responding" and "ending now" took me out of Google and I'd have to start the search all over.
I finally noticed that the blue title bar at the top of the page said "jump...." and then would quickly flash off so I started searching google for "jump redirected internet searches" and hence found your site.

I have read your instructions and have downloaded the program that scans my computer and prints out a log. I have saved it and will paste it below.

AVG has not detected this virus. Spy Bot (after loading updates that were neglected when I was sick) discovered a trojan...can't remember the name right now...and it was deleted. It wasn't the problem because I'm still having the same pro... Read more

More replies
Relevance 58.63%

As it states in the head line.

What programs do you use to clean a PC of Virus/Malware/Trojans.. and all that other fun stuff.

I tend to use

Malwarebytes
NOD32 Antivirus
Hitman Pro
adwcleaner

Cheers

WAX

Answer:All Technicians What Virus/Malware removal programs do you use?

I don't actually remember the last time I needed to remove a virus. It was ages ago. I tend to use software to check for infections but they never find anything other than a few false positives.

8 more replies
Relevance 58.63%

My computer has been infected with Smart HDD. I'm in the process of removing it, but even in safe mode with networking it still won't let me access Malwarebytes Anti-Malware program to scan and remove the virus.

DDS (Ver_2012-10-19.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_16
Run by Melissa at 17:46:28 on 2012-11-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.378 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\s... Read more

Answer:Infected with Smart HDD and still cant run Malware Removal Programs

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

17 more replies
Relevance 58.63%

Hi all,

I seem to have a problem I can't solve.

I suspect to have some malware on my laptop. I usually use Adaware but this program suddenly gets stuck, whereas before it always worked well. So after a while the computer freezes and I have to switch it off.

Also I can't complete a virus scan, I use Norton 360 but same story, it doesn't complete the scan and the computer gets stuck.

I then installed Malwarebytes'. Although I can complete the quick scan, when I run the complete scan, my system actually crashes completely. The 'blue screen of death' came up and the computer switched off. Unfortunately I didn't write down what the message was. Not so smart, I know.

Anyway, I am running out of options. Anyone has some ideas?

I work on a HP Pavilion 9500 using Vista.

Any suggestion will be most welcome.

cheers

Koen
 

Answer:system crashes while using Malware removal programs.

Welcome to MajorGeeks!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.
TDSSserv Non-Plug & Play Driver Disable

READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip... Read more

1 more replies
Relevance 58.63%

First off sorry for posting in the wrong forum, my bad. Now to the point, after removal of several trojans/spyware infections, this computer is still very slow. Just making sure I have removed everything before I settle on a hard drive going out.

Deckard's System Scanner v20071014.68
Run by PaIgE on 2008-07-11 21:12:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 84% (more than 75%).
Total Physical Memory: 126 MiB (512 MiB recommended).

-- HijackThis (run as PaIgE.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:57 PM, on 7/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\PaIgE\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PaIgE.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_... Read more

Answer:Slow Startup And Programs After Malware Removal

swiftscoop

Sorry for the delay. I don't see anything malware / spyware related causing the problem. But before you condemn the HD consider the following

For slow PC operation see this link: http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/

2. Your PC has only 126K of RAM
Percentage of Memory in Use: 84% (more than 75%).
Total Physical Memory: 126 MiB (512 MiB recommended).
At the very least you need 256K to run XP, 512K is recommended.
RAM is inexpensive to add to most PC's

surf safe

3 more replies
Relevance 58.63%

I've used your site in the past and I've been really happy keeping my computer clean and running with advice and tutorials.
 
However, my mother, who is older and lets the grandkids play on her computer, has multiple issues and her computer is running slow, and I've found multiple problems on her system. However, I am NOT good with Win 8. So I keep having a hard time finding my way around her mess of a system.
 
The biggest deal right now is her virus protection is up to date, but I can NOT get it to stay up. Also I can't put her firewall back up, I'm denied access. So far I've run Malware Bytes and cleaned out about 24 malware related files.
 
I've run Farbar and I'm here to post the logs to see what still needs to be done:
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by Cathy (administrator) on GRAMMYPC on 24-09-2014 12:51:38
Running from C:\Users\Cathy\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windo... Read more

Answer:Multiple Malware Programs Removal from Win 8 System

Here is the Addition.txt log as well. I've run no 'fixes' with this.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014
Ran by Cathy at 2014-09-24 12:52:54
Running from C:\Users\Cathy\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{7288D4D9-90E0-2B03-43D0-0BB6D4496577}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangen... Read more

6 more replies
Relevance 58.63%

It's been a while since I've had to post to the forum here, but I am in dire need of assistance. My computer has been running fine for a couple of years now, but this summer, it started going bonkers. Whenever I perform a search in google, yahoo (any search engine really) if I click on any result, it opens a new window from "yourfindhome.com." The trouble only started here. I tried to run Spybot search & destroy but it gave me the error reporting dialog box. I tried the same with Super antispyware with the same result. I can't run any removal program except Ad-aware, which keeps finding Trojan Backdoor Agent and Trojan SpyBanker even after I have removed them.

I am running a Dell Dimension DE051 with a 2.66 GHz processor (Celeron). 512 of RAM with Windows XP Home SP3.

My friend's sister was over and downloaded PC-Cillin from Trend Micro at the beginning of the summer as well. Ordinarily, I like Trend Micro, but it seems that it is not helping at all. It starts up and freezes. I have to do the old task manager thing.

Now, I ran a report from HiJackthis, and I have that available. I know this is going to be a long fix, so let me know when I need to post it. I'd like to explore all avenues (without wiping my hard drive). Thanks a lot!
 

Answer:Malware, Viruses, and an inability to run removal programs

6 more replies
Relevance 58.63%

Recently I have noticed I cannot open any antispyware/malware programs and my google searches will often redirect to random stuff that is not even close to what I googled. Here is my dds logs. If I did anything wrong please let me know.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Gablen at 1:11:32.01 on Sat 07/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.674 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:&#... Read more

Answer:I cannot open ANY spyware/malware removal programs!

Go HERE and download SysProt AntiRootkit. Unzip it to your Desktop
Run SysProt >> Click on the Log tab
Tick ALL the boxes at the "Write to log" section (Do NOT tick the "Hidden Objects Only" options)
Hit the Create Log button
When it asked for scanning option, choose Scanning all drives >> Hit Start button (Do NOT hit "Ok" button)
Let it scan until finish
Find the log.txt inside the SysProt folder and attach the log here.

6 more replies
Relevance 58.22%

I read many of the other posts regarding how to remove the Security.Hijack malware. I ran Malwarebytes anti-malware and got 2 warnings about the Security.Hijack. I asked Malwarebytes to remove them and I restarted the system but didn't actually remove anything so now I'm here asking for some help to how I can remove the 2 warnings in my system.

I followed another ''guide'' that was made within this forum but I kind of got lost in the rain
 

Answer:Removal of Security.Hijack Malware

It looks like you started to do the following, but didn't finish. So finish these instructions and attach the requested logs.

READ & RUN ME FIRST. Malware Removal Guide
 

3 more replies
Relevance 58.22%

My symptoms began as "AntiVirus Studio 2010" fake spyware removal software and "Security Shield"

I thought using Malwarebytes Anti-Malware I had removed the problem. Unfortunately, there have still been issues.

The current issues are intermittent.

Blue Screen (iastor.sys)
Pop-Ups for Viagra, Porn Removal, Free giftcards, etc. (I have not had a pop-up since trying to pay more attention)
Often very slow (sometimes just before blue screen)

GMER text is attached.

Please note that the DDS did not run.

?   ?? ? @ ? ? ? ?!?L?!This program cannot be run in DOS mode. (This is followed with pages of characters)

Please help me with this malware and instruct me how to properly run the DDS software.

OK, since I already attempted removal before finding this forum, here are copies of MalwareBytes Anti-Malware logs.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/22/2010 8:14:25 AM
mbam-log-2010-12-22 (08-14-25).txt

Scan type: Quick scan
Objects scanned: 159223
Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys ... Read more

Answer:Malware Removal - Security Shield?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting... Read more

2 more replies
Relevance 58.22%

I needed to amend the instructions written by Grinler for removing total security which is a virus/malware in order to get it to work. The link to the instructions: http://www.bleepingcomputer.com/virus-remo...-total-security

Total Security has gotten smarter and now won't allow most processes or applications to run. Nothing I tried at first would allow me to end the Total Security process. Total Security shut down anything I tried to run... like hijackthis, malwarebytes, spybot, adware etc....

I surmised, that total security will not allow you to run any exe programs other than a few it knows about.

My solution was to rename the ProcessExplorer file..... Procexp.exe to iexplore.exe. (Download process explorer from Microsoft on a different computer if you have to.).... renaming to other file names like explorer.exe may work too.

After doing that I was able to end the process and proceed with process.

I think Grinler has edited his instructions so everything is good.

Thanks to Grinler for posting the instructions. Good Luck

Harold

More replies
Relevance 58.22%

The computer is infected with Win 7 Security 2011. I ran House Call last night, it found ten objects but wouldn't remove them. It chose ignore, and wouldn't allow me to quarantine them. I ran a quick scan, and found nothing. The complete scan took 4+ hours, and came up with the ten objects.

MalwareBytes will not load up, and HJT will not create a log file. When I ran the suggested program..., it came up with a "sample hosts file", and there were no lines mentioning HJT. The output is below:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

I ran TFC, OTL, DDS, and TSG SysInfo.

SysInfo output:
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , 64 bit
Processor: AMD Athlon(tm) II P320 Dual-Core Processor, AMD64 ... Read more

Answer:Win 7 Security 2011 malware removal help please

7 more replies
Relevance 58.22%

this seems to be just like AVP 2009 mess that I removed a while back (pop ups bogus warnings, etc) with the exception of this one actually hides the desktop icons also....

DDS LOG:
DDS (Ver_09-09-29.01) - NTFSx86
Run by Sharon my Love at 20:56:23.85 on Thu 10/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.358 [GMT -4:00]

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsy... Read more

Answer:security tool malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ... Read more

2 more replies
Relevance 58.22%

Malware has attacked my computer and gives that red shield in the bottom that says something like "You have a security alert!" and makes many pop ups and takes over internet. I deleted ~tmpa.exe and ~tmpd.exe. But it comes back when I reboot. Log below.

Your help is greatly appreciated. I am sure if I delete the correct things, I can lick this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:06 PM, on 1/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Tr... Read more

Answer:Malware removal Help - Security alert!

Hi, allingtonj Welcome.

Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.... Read more

2 more replies
Relevance 58.22%

Help! To remove AV Security Suite Malware. I tried booting in the Safe Mode and unchecking proxy server, then running rkill.com, and then running Malwarebytes to remove AV Security Suite Malware. All efforts have been unsuccessful.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Robert DeAngelis at 10:01:57.89 on Fri 10/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.673 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Robert DeAngelis\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uLocal Page = \blank.htm
uWindow Title = Windows Internet Explorer
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://www.wtywsdclgucnkkrhwzcxvhf.com/4tJGAN... Read more

Answer:AV Security Suite Malware Removal

Hello BobDea

Welcome to BleepingComputer
==========================
Download OTL to your desktop.
Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please download Rootkit Unhooker and save it to your desktop.
Double-click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it, typically your desktop. Click ... Read more

1 more replies
Relevance 58.22%

I have noticed that I've been having popup ads lately, which is very strange since I've had popup blockers for a very long time. I keep my antivirus programs (mostly) up to date, and I rarely go on 'bad' sites. However, today when I restarted my computer, I had the "Security Tool" program pop up and give me a list of fake viruses that it wanted me to delete. I didn't delete them; instead, I opened my Killbox program and deleted two of the Security Tool files, but it would not let me delete the main folder for them. I opted to do the "delete on restart" method, which took out the main folder.

However, I've been trying to run the suggested "Malwarebytes Anti-Malware" scan to make sure the Security Tools is gone for good, but I absolutely cannot seem to run it. Every time I try to install/run the program, I get an error message or the program will start and stop itself. Eventually, it will be unable to find the mbam.exe file that is needed to run the program. I've tried to do all the suggested methods to make the program work that were listed on different forums from google.

I am still getting popup ads. I am unsure if this was the only problem my computer is having. To be safe, I have run a Hijack This, DDS, and RootRepeal scan on my computer. I do have Killbox, so I can manually delete anything that isn't safe (if it lets me delete it). Any help would be greatly appreciated!

If I read the "How To Post" thread correctly, I'll post... Read more

Answer:"Security Tool" Malware Removal

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Relevance 58.22%

Please help!

For the last few days I have been plagued by some form of virus/malware that has been stopping any of my malware cleaners from updating. It also redirects my search results and won't allow me to go to any sites like AVG.com, support.microsoft.com, or any other sites dedicated to malware removal. It has also apparently corrupted my windows to the point where I cannot reliably get into windows in normal mode, only in safe mode. It tells me unauthorized changes have been made to windows and won't let me log in. If I run sfc scan I can get back into normal mode for one or two bootups and then I have to do another sfc scan in safemode.

I have installed and run malwarebites, avg, hijackthis, and superantispyware. Malwarebites found vundo along with several other trojans, hijackthis found an iexplorer redirector, and superantispyware found a couple trojans. Even after taking care of all this, there are still problems. I still can't get into windows in normal mode very often, I can't go to any spyware removal sites, I get redirected search results, and there is something that keeps downloading the things I have removed.

I'd appreciate any help.

Thanks.

Here is my current hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:23 PM, on 7/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\... Read more

Answer:Malware stopping me from updating any spyware removal programs

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....

Please download The Comedian.exe by Rorschach112 to your desktop
Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
Double click the program to run it. It will only take around several minutes to run.
It will do a series of tasks and tell you when each one is finished.
You will be prompted to press any key after each step
When it is done it will close and exit itself automatically.
You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..

NEXT

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and ... Read more

2 more replies
Relevance 58.22%

My computer is taking forever to do a lot of things like opening programs, running programs takes an inordinate amount of time to download anything and install it. The harddrive light on the front of the tower is red a lot! I read somewhere that means the HD is being "throttled" and isn't good for it.
I've ran all the suggested programs and don't think it found anything. Thanks in advance for a response!!!
 

Answer:RAn all the malware removal programs and computer still runs like CRAP!!!1

RAn all the malware removal programs and computer still runs like CRAP!!!2

just adding final log...
 

6 more replies
Relevance 58.22%

Windows XP Home edition SP3

Yesterday I worked on a friend's PC that had been attacked by Malware. Task Manager, AV disabled and pop-ups everywhere. Removal was simple enough. I booted into safe mode and was able to run Super AntiSpyware and MalwareBytes. Both found the same Trojan and upon removal and reboot it appears gone (although I'm in the process of rescanning). That's all I have done to this point. I will do a boot time scan with Avast after the scans, avast is now working again. No pop-up and task manager works fine.

My question / problem seems to be that when I go to the Start-> all programs everything is missing. There are no program groups, it's empty. They are still there on the main drive in the programs folder. The Icons that were on the desktop work, FireFox, Avast etc. it just seems that the groups have been deleted?

Any ideas on how to get the program groups back? I have a few ideas but I'm up for suggestions in the event someone has seen this before. I did a quick search and didn't find anything. There is only one profile on this PC, I was thinking of making another to see if they groups come back.

Regards,

Pete

Answer:Start-> Programs, empty after malware attack and removal

Worth a look, http://windowsxp.mvps.org/AllPrograms.htm .

Louis

4 more replies
Relevance 58.22%

Hello!

My issue is very similar to this one: http://www.bleepingcomputer.com/forums/t/248235/hijackthis-and-mbam-disappear-when-scanning/

However I am unable to resolve the problem in the same manner.

I scanned with AVG, Spybot, and SuperAntispyware from within a PE environment. I then booted the computer into Windows (this computer has Vista SP1) and installed MBAM. It installed and updated but ran for just a few seconds before it closed. I tried to run it again but I was met with an error that said "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." If I uninstall then reinstall, I can run it again for a few seconds with the same result. This is also true of HiJack This, RootReveal, and others I have tried.

The original issue with the computer was that it wouldn't run exe files. A DOS box would pop up with a message "Program too big to fit in memory" for a split second. This issue was solved with the above mentioned scans and a registry fix to correct exe file associations.

I have a DDS log, but I cannot run RootReveal to get a log from it. It fails on the "Files" section as MBAM does above.

Here's my DDS log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 13:59:57.77 on Tue 08/18/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2941.1721 [GMT -5:00]
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-... Read more

Answer:Issues after malware removal, no scanning programs work

Please download the Win32kDiag.exe tool from the following location and save it to your desktop:
http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe

Once downloaded, double-click on the program and let it finish. When it states Finished! Press any key to exit..., you can press any key on your keyboard to close the program. On your desktop should now be a file called Win32kDiag.txt.

Double-click on this file and post the contents as a reply to this topic.

15 more replies
Relevance 58.22%

Hi,

I recently managed to get help from this forum on how to remove ZeroAccess trojans that were traumatizing my laptop (http://forums.techguy.org/virus-oth...02-sirefef-trojan-malware-causing-mayhem.html) . It seemed to work perfectly (used ComboFix,MalwareBytes and TDSSKiller) and the malware doesn't show up on any scans anymore (ran from Safe Mode), but I cannot access my desktop for more than 5min at a time before it freezes up and I have to manually shut down and start up again. I managed to re-install my Kaspersky Internet Security 2013 temporarily, but it doesn't show up on my desktop or taskbar. I have tried SFC/scannow returned :"Windows Resource Protection found corrupt files but was unable to fix some of them." My system restore does not work either for some reason since I got this laptop a year ago and Startup Repair shows no errors.. I am relatively good with computer diagnosis, but this one has me losing sleep for two days straight. I have important school data that hasn't been backed up and would like to avoid a Factory Reset at all costs.

Any help would be greatly appreciated.
 

Answer:Freezing desktop and unresponsive programs after Malware removal

6 more replies
Relevance 58.22%

Hey there,

So, I'm not sure what exactly my problem is. Recently I had become infected with some malware (TDSS.sys and UACd.sys) and I took measures to remove them as best as I could. Further scans don't seem to find anything else, but I can't be certain I've gotten everything as I'm still having some strange behavior.

Initially, I noticed that I had something because my Google searches were being redirected when I would click on any search result (windowsclick.com, I believe) and in investigating and trying to fix that I found the TDSS rootkit and then later UACd. Spybot S&D would catch the TDSS infections and remove them, but they would come right back after opening a new browser, so I found Malwarebytes Anti-Malware and scanned my computer and seemed to successfully remove the TDSS and windowsclick problems.

Just the other day though I got a BSOD while browsing the internet (unfortunately, I didn't get a chance to read/copy it) and ever since then programs are constantly crashing on me. Internet explorer, AIM, iTunes, windows media player, winamp, to name a few, will crash immediately after they load. Always the same programs.

So, to make sure I didn't have anything else, I also downloaded GMER and scanned with that and found UACd.sys. After some searching I found out that ComboFix could remove the UACd rootkit and so I downloaded and ran that and seemingly took care of UACd, yet my problem still persists.

My only conclusions are t... Read more

Answer:Programs keep crashing, not sure if it's related to previous malware removal

Usually with UAC, you're better off reinstalling the OS.

Since you have done everything in your post, I'd suggest posting in our HJT forum for more in-depth help.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as... Read more

3 more replies
Relevance 57.4%

Hello all,

I have the malware Security Protection on my desktop. A quick search on Google can show you what it is. Anyway, I have run MBAM numerous times, each of which has removed, it seems, a portion of Security Protection. However, a link of Security Protection still winds up residing on my desktop, as well as a reloaded version of SP later on. I can't seem to fully get rid of it. Any ideas?

SW
 

Answer:security protection malware complete removal

Hiya and welcome to Tech Support Guy

Can you run the tools in this thread:

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

And then post the following:

1. Copy and paste the HijackThis log.
2. Copy and paste the contents of the DDS.txt file.
3. Upload as an attachment the Attach.txt file. There is no need to zip it as suggested in the DDS instructions
4. Copy and paste the contents of the ark.txt file.

Regards

eddie
 

1 more replies
Relevance 57.4%

I have followed the suggested guide to remove the malware 'Security Tool' (Remove Security Tool and SecurityTool (Uninstall Guide)). However, when I try to run the rkill file the virus shuts it down before it has a chance to act. I have tried not clicking on the pop-up boxes; however, this does not work. I have been able to download the Malwarebytes set-up; however, the malware is blocking me from running the program. Is there any other way I can either run the rkill program or allow Malwarebytes to open and install? (I am using a new Samsung R519 laptop running Windows 7. It is a week old so has no unusual software or hardware.)

Any help would be really appreciated.

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ AnimalAllen

Answer:Failed Removal of 'Security Tool' Malware

Thanks Animal..

Run FixExe.reg
FixExe.reg .... click Run when the box opens

If you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine. Or try running SAS first after Rkill.

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the... Read more

1 more replies
Relevance 57.4%

Hi,

My computer got infected with the koobface several weeks ago. I posted in the 'Am I infected? What do I do?' section and the Hijackthis logs section and we have used malwarebytes to remove the infected files, restored windows to the last known good configuration and used the XP system restore feature and updated security.

Unfortunately none of this has worked. After using the internet (through both IE and Firefox) for around 5 mins the window freezes so I have to close it down. My computer then blue screens and I receive the ***STOP: 0x0000000A message. After logging back on I receive the following message 'loading model error. load default model?'. If I log off before internet freezes I get this message 'the instruction at 0x000f2fc0 referenced memory at 0x000f2f0. The memory could not be written. Click ok to terminate the program. Click cancel to debug the program'.

The last time my computer blue screened I received an error report after logging back on. I thought the info could be of help. Please find all of the details below:

Error Report Contents
The following files will be included in the report
C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\Mini100409-01.dmp
C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\sysdata.xm

Error signature
BCCode : 1000000a BCP1 : 0000BA33 BCP2 : 00000002 BCP3 : 00000001
BCP4 : 806E4A8E OSVer : 5_1_2600 SP : 2_0 Product : 256_1 l

I've had the problem for a couple of months now and I'm keen to get it fixed asap. Pl... Read more

Answer:Still getting BSOD after malware removal [moved from security]

'C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\Mini100409-01.dmp'

It made a minidump, so look for them and zip up the latest 4 and attach them.

7 more replies
Relevance 57.4%

Hi,

Thanks in advance for any help. I will do my best to provide all the necessary info. Last week, I got the Outerinfo and Internet Speed Monitor infections. I used online tutorials to remove these items using ComboFix and AVG Anti-Spyware, etc. Yesterday I got Security Toolbar 7.1 infection that causes pop-ups (with the little yellow triangle) and slows the system down, and I cannot seem to remove it. I ran the ATF cleaner and created a system restore point. I ran an updated version of AVG Anti-Spyware (but I cannot find the log). I tried to run Super Anti-Spyware but got an install error. I ran Panda Active Scan. I have updated the security patch for XP. I still have this infection.

Here are the logs I can provide:

First is Panda scan log:
Incident Status Location

Adware:adware/searchaid Not disinfected c:\windows\winshow.exe
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d37f2pwb.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d37f2pwb.default\cookies.txt[hc2.humanclick.com/hc/51325817]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\James\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\James\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\James\Co... Read more

Answer:Solved: Malware Security Toolbar 7.1 Removal

10 more replies
Relevance 57.4%

Hello, I'm out of tricks to get rid of this nasty rootkit infection I have. It started this past Saturday 12/17 with the XP Security 2012 malware. I followed instructions online and removed it (various reg edits and running MBAM etc). It had corrupted my rundll32.exe file, which I restored from my XP disk (you will see a reference to the "old" copy I made be overwriting in the DDS log). After that my applications all worked again and my computer seemed fully functional, but then I realized the virus also has a rootkit attached to it that causes Google redirects in Firefox. I ran TDSSKiller and it found something and cleaned it the first time. Since then it has re-surfaced many times. MBAM found something once or twice upon resurfacing, but hasn't found anything the past few scans. TDSSKiller doesn't find anything anymore. SuperAntiSpyware doesn't find anything. I decided to run McAfee antivirus, and it said it found 3 files with Downloader-BMN.gen.g (Trojan). This was exciting, I hoped that would be it. But alas, Firefox Google searches still redirect. I haven't done any more scans and thought it's time to call in the pros. Also forgot to mention I've run defogger and disabled my CD emulators, and ran CC Cleaner multiple times and deleted all my history and temp files etc. I have NOT run ComboFix yet.

Here is the DDS log:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Bill at 21:11:18 on 2011-1... Read more

Answer:rootkit won't go away after XP security 2012 malware removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

18 more replies
Relevance 57.4%

hello fellow tech heads

I've had a day from hell trying to remove the above trojan. None of the things found on the net worked for me, like booting into safe mode, as the virus was still active and stopping things, blocking Task Manager. So I took things into my own hands and downloaded rkill, which was the only thing that I could actually load in safe mode, killed it, ran Malwarebytes, got rid of it. Well, I thought I did, but then when I booted into Windows my programs are still missing from the start menu. Malwarebytes, which I had just installed, was not there, so I reinstalled it and it still was not listing in my programs.

Win update thinks it's turned off when it's on.

Accidentally turned hidden files on and found some of my movies and files which are marked as hidden. OMG what the.........

So I can use my computer as per normal now, and for internet I have to go through Windows Explorer, but I am still infected and not sure how to fix it now, as I cannot remove AVG as it's saying that it's missing some reg file and therefore I cannot run ComboFix.

help pls :)

Answer:xp security 2011/ malware removal tool

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Who instructed you to run ComboFix?

As you should have read here in Step 2 of our NEW INSTRUCTIONS thread:

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

------------------------------------------------------

We first need to verify if there are any rootkits present and how they could affect our tools.

DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present and decide whether to deploy ComboFix.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one ... Read more

19 more replies
Relevance 57.4%

Hi

I'm trying to remove this malware from my laptop computer but all instructions that I've read indicate to download removal spyware...but my browser won't start up! I tried burning the indicated software to a CD and then loading to the infected computer but still no luck...

Any ideas?!

Thanks!

More replies
Relevance 57.4%

Hello, I'm Jon, and I have an infected PC, yadda yadda yadda. Please forgive me, but I am not as spyware savvy as many of you are, I'm sure. My computer just started getting a small white X in a circle in the tray, and a pop up window down there saying: Warning! Security Report. Your Computer is infected! It is recommended to start spyware cleaner tool. When I right click on it, it sends me to an antivirus page, and then does tab after tab of crap. I also am getting warnings on my normal browser pages as well, now. I am not clicking on any of them, of course, because it appears to be malware? I run a Windows XP OS. I am not sure if it is NT or not. I am in an office with six different computers on our network. It is wireless internet, with a server running cables to all of our computers. I use Internet Explorer, maybe version 7? I am not the most tech savvy out there, so forgive me if I am being too vague. I have Ad-Aware, Spy-Bot, and I believe we are running Symantec Antivirus, but I think I only have Endpoint protection. Perhaps it is installed on our server, then distributed in our small network? I also noticed that my task manager will not work, and my background photo has been disabled on my desktop? Can anyone help me remove this nasty thing?

Thanks for any help
-Jon

(Moderator edit and note: thread moved to more appropriate forum. jgw)

Answer:warning security report! malware removal??

G'day, Jon,

Can you please Post into this Area and be Patient, we are having a very busy time just now?
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Someone will come there to Help you out.

4 more replies
Relevance 57.4%

Sir, two computers (winXP-pro-sp3) in my office have been infected with virus/malwares, but of different nature. In the first machine, Avira free was installed. The same machine had to be reformatted (only C-drive out of three partitions, C, D & E) a week ago after a virus removal exercise with McAfee AV, which resulted in vanishing of Desktop & start menu. Probably fresh virus infection occurred due to non-formatting of the other two partitions containing lots of data (mainly .doc, .pdf, .jpg, .htm & .txt). This time I tried to clean the machine with an updated Nod32 (installation folder copied from another machine) kept on a flash drive. Cleaning was done in safe mode, when some 2000+ viruses were removed by Nod32 including some conficker, autoit viruses. Before reaching safe mode, I tried TaskMgr, Msconfig, regedit & Windows search, all of which were disabled. However, it was possible to view hidden files & file extensions, including system files. But after reboot, viruses not removed took control of the machine & reaching safe mode was blocked. One thing I noted is infection of svchost.exe & explorer.exe. The first one was operated from a folder (2537452) within system32; the second one was associated with a file "regsvr.exe".

I read your article for removal of Security Tool & accordingly downloaded rkill.com, kept it on the desktop & wanted to run it, but every time the virus terminated the application before starting. I could install a current version of malwarebytes' Antim... Read more

More replies
Relevance 57.4%

Hi! I'm running windows 7 and I have the same problem as this guy has:

http://forums.techguy.org/virus-other-malware-removal/983966-wpn-exe-file-posing-vista.html

It's malware masquerading as some kind of anti virus software that jumps up and starts doing a false scan and then tries to make me buy it. It pops up whenever I open an IE/Chrome window and attempts to hijack my browsing. I think it's also somehow hijack spybot search and destroy because I can't get that to scan at the moment. Nor can I get hijack this to produce a log (it just produces a blank notepad file and then 'vista home security' pops up and starts scanning again).

I can only use IE/Chrome when I terminate the process in the task manager (bal.exe - description is 'steam'.)

Being that it has pretty much crippled every possible form of defence my computer has I really would appreciate some help getting rid of this awful thing!

Thank you!
 

Answer:Vista Home Security malware removal

9 more replies
Relevance 57.4%

1. my systems information:
Compaq presario
windows xp sp3 media center edition Version 2002

2. My problem:
In both firefox and IE every time i try to go to google, favorites, or even manually type in a url it is constantly redirecting me. Even after search results successfully come up in google when i try to access a url it is always redirecting me to another page that will often not even allow me to go back to the previous page. I also cannot seem to remove the ask toolbar. I also get random pop ups all over. More troublesome than anything, whenever I try to access an anti malware/removal program as soon as i run it, the program closes on itself. I try to reaccess the program and I get an error that says my access is denied. This wonderful little cherry on the cake keeps me from running malwarebytes, super anti spyware free edition, panda online scanner, and even hijack this.

I have tried uninstalling the programs, booting in safemode, reinstalling while in safemode, and running the programs while in safemode to no avail. Same problem, it opens and tries to run, closes on itself, then when i try to reopen the program i get an error message that says
"Windows cannot access the specified device, path, or file you may not have the appropriate permissions to access them"
While this is occurring, I am also logged into the administrator account....

new update - As i was typing this message i resorted to attempting to run microsoft one care on the affected machine (i ... Read more

Answer:Constant redirecting - access denied to malware removal programs - pop ups!!!!

Hello there Welcome to the Tech Support Guy forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.

Please note the following:

The fixes are specific to your problem and should only be used on this machine.
Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Step 1

Please download Win32Diag from one of the links below and save it to your desktop.

Link 1
Link 2
Link 3

Double-click on Win32Diag.exe to run it. If you are using Windows Vista, please right-click and select Run As Administrator
A black command prompt window shall appear.
It will now begin to scan. This may take a while, please be patient until the scan is complete.
Once it's done, in the black screen it will say "Finished! Press any key to exit...". Press any key to exit.
A log file called Win32KDiag.txt will be created on your desktop.
Please copy and paste the contents of that log file here in your... Read more

3 more replies
Relevance 57.4%

Malwarebytes anti-malware program doesn't run. Microsoft security essentials shuts down when i try to scan. Computer is very slow. 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by Oishi (administrator) on OISHI-PC (10-01-2016 18:55:55)
Running from C:\Users\Oishi\Downloads
Loaded Profiles: Oishi (Available Profiles: Oishi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, In... Read more

Answer:programs for Malware removal unable to open, computer is very slow

double post - closed
go on with your other Topic
http://www.bleepingcomputer.com/forums/t/601856/programs-for-malware-removal-unable-to-open-computer-is-very-slow/

1 more replies
Relevance 57.4%

I tried to run Malwarebytes anti-malware program after going through the forum. The program is unable to open. Similar is the case with microsoft security essentials, it closes every time I start the scan. Apart from this my laptop is very slow and too many pop-ups and redirection takes place on my chrome.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by Oishi (administrator) on OISHI-PC (10-01-2016 18:55:55)
Running from C:\Users\Oishi\Downloads
Loaded Profiles: Oishi (Available Profiles: Oishi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvS... Read more

Answer:programs for Malware removal unable to open, computer is very slow

to BleepingComputer.

Hi there, my name is Jo and I will help you with your computer problems.

Please follow these guidelines:
Read and follow the instructions in the sequence they are posted.
Print or copy & save instructions.
Back up all your private data / music / important files on another (external) drive before using our tools.
Do not install / uninstall any applications, unless otherwise instructed.
Use only the tools you have been instructed to use.
Copy and Paste the log files inside your post, unless otherwise instructed.
Ask for clarification, if you have any questions.
Stay with this topic til you get the all clean post.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

*** Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
Vista / Windows 7/8 users right-click and select Run As Administrator.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

*** Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Be sure to print out and follow the instructions provided on that same page.
Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
Double click on downloaded file. OK self extracting prompt.
MBAR will start. Click in the introduction screen "next"... Read more

16 more replies
Relevance 57.4%

Help please dear scumware fighter!

Here's a tricky one that's brought me to halt. I have an infection from some malware that is hiding itself and seems to be actively crashing anti-virus/anti-malware sw before they can id it or remove it.

Here are the symptoms:

Discovered when I upgraded to version 10 of Avira's Antivir Free version. It wouldn't run completely through and crashed. Checking with Avira's forum, others had the same problem and it was identified as an existing infection. It was then that I noticed that I haven't even had a successful full system scan with the previous version since mid-Feb (even though I manually run a full scan every month or so). Virus definitions were being downloaded normally every day.

Then it started crashing Windows and Firefox. Couldn't turn off the computer and had to hard reset with the power button several times.

Downloaded and ran MalwareBytes which found 1 virus immediately, id'd as "Trojan: FakeAlert" in C:\END. I quarantined this item.

Ran a full system scan and MalwareBytes ran for about 10 minutes but crashed at the same directory that I thought I had seen Avira stop on.
I repeated and it stopped at the same directory. This is the file that it stopped on:

windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\063bdcb7c733d30d0ac1e533ae9191f7\ehiVidCtl.ni.dll

I tried downloading Microsoft Security Essentials and that failed to even finish the download for some unknown error. Another ... Read more

Answer:Insidious Infection Blocking Anti-Malware Programs & Removal

BUMP, please.

3 more replies
Relevance 56.99%

I picked up AV Security Suite today. Will not let me launch any programs. I have a laptop, but without a cd burner. Trying to look at people with similar experiences. So far all I have done is unplug from internet. What next?

Answer:AV security suite malware, can't run any programs

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not Attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

It's most likely the rogueware is preventing programs as well as our tools from running. The following tool will help running them.

If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machi... Read more

32 more replies
Relevance 56.99%

Sirs,
My desktop was recently infected with a malware security shield. After doing some Google search I first used stopzilla avm 2113. But since it wanted a registration for repair scanning threats that I could not afford, I uninstalled it and then of my own I ran combo-fix. After that there seems to be no problem with my system, that is Windows 7/32-bit. However, I do not understand the contents of its log report and need help from a suitable helper. The log report is enclosed.
Moreover, I want to know how I should protect my computer from subsequent threats, as I cannot afford a fully paid antivirus.
thanks
vkwd7

More replies
Relevance 56.99%

Hi All and Brian
 
I have moved my issue to the correct spot as requested.
 
All of a sudden I had Antivirus Security Pro flash up and tell me I had a whole heap of viruses and that people on the net could see me via my camera (my camera light was consistently on). I suspect I got this from a dodgy site I visited (which obviously Microsoft essential did not pick up)

I followed the instructions from this site http://www.bleepingcomputer.com/virus-removal/remove-antivirus-security-pro which appear to have removed most of it but I still have the following issues.

No matter what I download, the virus window comes up and deletes the file, and secondly
I could not find Microsoft Security Essentials to uninstall.

I have tried a Microsoft programme to try and remove/rectify Microsoft Sec Essentials but it seems to still be there because I cannot install any new antivirus program (I have tried reinstalling MSE and even Trend but to no avail)
When I try to install MSE I keep on getting the 0x80070643 error
 
I have been contemplating doing a complete reformat??
 
 

Answer:Cannot remove Microsoft Security Essentials after malware removal

You are probably infected with ZeroAccess rootkit.
Open your topic here --> http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Follow this guide --> http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

2 more replies
Relevance 56.99%

The malwarebytes antivirus did not remove the winweb pop up security alert. When I run the scan it does not detect any malicious items. The only malware quarantined was from the vendor Adware.Zango. The item is very long. I would cut and paste it here but can't seem to do that. It starts with HKEY_CURRENT_USER. This was the only one found in the registry of malware antivirus. There are many other items in the winweb security alert like trojans and others. Should I write these down in the postings? The pop up Lsas.keylogger keeps coming up too.

I did switch to firefox. Before winweb was on my screen I used Internet explorer. I'm not sure if the browser matters. I've used firefox ever since winweb has been popping up. Also, I could not run Kaspersky's free scan for some reason. I did download the new runtime Java but I still couldn't get a scan.

I will cut and paste the reports from RSIT

Logfile of random's system information tool 1.04 (written by random/random)
Run by sam pratt at 2008-12-03 10:43:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 258 MB (3%) free of 8 GB
Total RAM: 254 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:46 AM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS&... Read more

Answer:Malware removal request( winweb security alert)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable ... Read more

3 more replies
Relevance 56.99%

Hi fellow techs

Just got the above virus and what a mission it was to get rid of it

However it has left some damaging things behind like win updates thinks it's not turned on when it is!!!

As well as it's made some ordinary files like movies to be marked as hidden files

And all programs is not listing a thing but they are all still present!!!!

What the……

Can anybody help

I will try restoring to a week ago soon to see if that works

Answer:Xp security 2011 / malware removal tool virus

You are still infected. We cannot help you here with Malware removal as per forum rules. Please head over to Virus/Trojan/Spyware Help and post there for more help
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

1 more replies
Relevance 56.99%

I followed the Malware removal guide top to bottom, and it successfully removed the problem I had - which was that Google searches were returning false results

Thank you!

After completing the procedure I now get error alerts on my existing Security software:

1. Norton Internet Security 2009 -
a Risks in compressed file "dc1.exe"
b Risks in compressed file "Combofix.exe"

2. Spyware Doctor -
Application.NirCmd (22 infections)

Do you know if these are false alarms related to the Malware removal process?

Should I ignore these alarms, or let the software apply a fix?

Can I now safely toggle System Restore?
 

Answer:Security threats reported after completing Malware removal

I can't see log files for Malwarebytes AntiMalware or for SuperAntiSpyware

I did run the scans but I don't think they found any infections
 

5 more replies
Relevance 56.99%

I can't even get HijackThis to work; as soon as I run it, it disappears, so I can't even post that here to show what's going on with my computer... I'm using Windows XP... I keep getting redirected when I try to search on Yahoo or Google... using Mozilla Firefox. I've also tried to run in safe mode but I keep getting a blue error screen and can't move past that.

Answer:advanced virus removal / security tools malware?

Let's see if we can get a scan to work
If this works, go ahead and repost in the HJT forum. If not, post back here
Run this application and then immediately run your scan
Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer or you will have to run it again

8 more replies
Relevance 56.99%

Hello,

I seem to have the same issue as the poster below - except that I'm running Windows Vista. I can't seem to be able to download any program - even in safe mode - as the malware starts popping up its own security windows. I would greatly appreciate any help.

http://forums.techguy.org/virus-oth...5697-vista-home-security-malware-removal.html

Thanks
 

Answer:Vista Home Security 2011 Malware removal

I was really hoping that someone can help on this. It's been 2 days since my original post; so I thought I would bump it up. Any help would be greatly appreciated. Thank you.
 

1 more replies
Relevance 56.99%

Hi
Could you please help me in solving my system problem.

When I start the computer it says the following message

The path'c:\WINDOWS\o4251227.exe' does not exist or is not a directory.

Windows cannot find "'C:\WINDOWS\o4251227.exe'".Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search

Then when I click on the browsers they open very late.

Next, if I go to Google search and click a result, it will open websites like

'http://goldenmango.com/fine.cfm?pt=2&rpt=1&kt=1'
http://216.133.243.28/2.php?sid=677...LaW5nZG9tCUdC&objTimStr=0.22215900+1203094488
http://www.uncoverthenet.com/search/?q=fine'

unrelated links..

After going through these websites I have installed HijackThis and the report is

Logfile of HijackThis v1.99.1
Scan saved at 10:08:41 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\C... Read more

Answer:Solved: System is in a big trouble. security and malware removal

13 more replies
Relevance 56.99%

Hi All
I don't know where to put this request, it kind of crosses over different topics.
I had that Antivirus Security Pro virus which has now been removed following the method from this site (many thanks for that, it has been a huge relief), however I still get the .exe file errors and deletion when I try and download something and I cannot remove or reinstall Microsoft Security Essentials. I have re-run the malware program several times now and it says everything is clean??
I have Windows 7 64-bit if that helps
Cheers
David

Answer:Cannot remove Microsoft Security Essentials after malware removal

G'day David, fellow aussie here.....
 
I would just about bet money that your PC is still infected mate. In fact I would probably bet the farm on it!
 
Ok...(on a more serious note)....Post a new Topic here :: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
 
Describe what led you to know that you were infected....and what steps you have taken since.
 
Kind Regards,
 
Brian

1 more replies
Relevance 56.99%

Hey Guys,
 
I followed the

CryptoLocker Ransomware Information Guide and FAQ
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#decrypt
and set the security policies to keep CryptoLocker from attacking my computer, which are these
 
Block CryptoLocker executable in %AppData%

Path: %AppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from %AppData%.

Block CryptoLocker executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from %AppData%.

Block Zbot executable in %AppData%

Path: %AppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from immediate subfolders of %AppData%.

Block Zbot executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from immediate subfolders of %AppData%.

Block executables run from archive attachments opened with WinRAR:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\Rar*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\Rar*\*.exe
Security Level: Disallowed
Description: Block executables run from archive atta... Read more

Answer:Security Policies doubts after Malware Removal Tools

Instead of playing with the Local Group Policy Editor manually to set these GPOs, you should just download and use the free version of CryptoPrevent that will do everything for you and also offers you various options when it comes to the "tightness" of the settings.
https://www.foolishit.com/vb6-projects/cryptoprevent/
This tool was created following Lawrence Abrams' instructions you just followed, plus some custom made rules, so you'll be good if you use it.

1 more replies
Relevance 56.99%

I hope I am finally in the right forum. Please, please help.

Mod Edit: Topic in XP forum, http://www.bleepingcomputer.com/forums/topic433359.html/page__gopid__2516139 .

Following pinned instructions for 2012..Security..XP, I was able to remove a number of Trojans with Malwarebytes, restored the firewall, reran Avast, and thought all was OK. And it seemed to be for a couple days.... Then Avast informed me it couldn't protect for firewall/email. Removed a few more trojans with malwarebytes, but could not get the firewall back up. Another forum has directed me here, explaining that I probably have resident malware.

At this time, my computer is hung on the "windows is shutting down" window (I was trying to restart.) Before that, I had physically unplugged from the internet. A lot of services were running huge I/O and Other while I had nothing up but the CPU usage screen. InCDsvc and lsass were the most active. Oddly, I got a message the last couple reboots, that InCD could not be started.

The scary thing for me (other than that the screen hangs there) is that all these processes were running very actively, but none were identified with a user - usually, it specifies network, local, Irena - like a ghost in the machine. It got quiet when I stopped the InCD, and very quiet after I pulled the Internet plug.

The message was: Windows cannot start the Firewall/Internet Connection Sharing (ICS) service. I didn't go online after that. Now it's just a hung "shutting ... Read more

More replies
Relevance 56.99%

I have a malware infection I can't figure out how to fix. It started with a fake Windows Security Center scan warning, which I did not allow to run, and then I noticed several instances of ooj.exe running in my task manager. It has blocked me from opening almost any program/.exe. Windows just asks me to select a program to open the file. I can't run mbam or Super AntiSpyware. I have tried running FixExe.reg from a USB drive, it seemed to help initially, but no longer does.

I followed your general instructions. I could not run the defogger or gmer.exe (it just hung when trying to run). I did run the DDS (log pasted below and attach log is attached).

Any help would be greatly appreciated. Thanks!

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Run by Administrator at 15:42:08 on 2011-07-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.969 [GMT -6:00]
.
AV: AVG Internet Security *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\hki183.exe
C:\Documents and Settings\All Users\Application Data\gj8Be6Sx.exe
C:\WI... Read more

Answer:Help with Malware Removal - ooj.exe, Wndws Security Cntr

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on http://www.bleepingcomputer.com/logreply/412109 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following inf... Read more

34 more replies
Relevance 56.99%

Hi everyone,

I'm looking for help with my computer which seems to be infected with a particularly nasty Trojan or malware. Right now my computer works but my Google searches done using firefox get redirected often to pages unrelated to the link I clicked on while using Google. Additionally I am unable to update and use many malware removal programs like Adaware, Spybot, and AVG malware scanners. I downloaded HijackThis and got a log of my system here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:05 AM, on 6/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system3... Read more

Answer:Google Searches Get Redirected + malware removal programs wont work

Hello Max Hennings,

Sorry for the delay. We have many logs backed up.

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

******************

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fre... Read more

2 more replies
Relevance 56.99%

I'm following the process to remove malware from my XP laptop - looks like some variant of a search results hijacker has managed to crawl in.

Although I can download SUPERantispyware and so on, I have a few problems:

1) I can't download combofix. Firefox gets about 2.2 meg into it, then complains that it can't read the file. IE can't even start the download. Interestingly, many other pages at bleepingcomputer.com show up blank. I'll bring it across on a USB key from another machine.

2) SUPERantispyware can't contact its update server.

3) AVG can't contact its update server.

Clearly I don't expect a diagnosis as to why the updates are failing; merely some advice as to how best to proceed. Should I simply go with the non-updated versions?

Thanks in advance for any advice,

- Peter
 

Answer:Partway through XP malware removal process, many programs are unable to fetch updates

Welcome to Major Geeks!

Ozzard said:
Clearly I don't expect a diagnosis as to why the updates are failing; merely some advice as to how best to proceed. Should I simply go with the non-updated versions?
- Peter

Possibly a problem with Conficker or TDSSserv.


If you have problems where no tools seem to run, please try following the steps given below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME ) onto another PC and burn to a CD. Then copy them to the probl... Read more

1 more replies
Relevance 56.99%

Hello everyone
 
A friend has given me her computer to fix as she has noticed that icons have disappeared from her desktop and that her favourites have disappeared from internet explorer. I have fixed similar problems previously for other friends by running various virus/malware removal programs like Malwarebytes, ADW Cleaner, Combofix, Junkware Removal Tool etc but this time the computer won't let me download and install anything. I have tried to download and install programs in safe mode but still no luck.
 
I decided to download the programs on a separate computer and put them onto a USB stick. I then booted up the infected computer into safe mode and transferred all the programs onto the desktop but when I double click on the set-up files I keep getting errors.
 
The errors I get are as follows
 
Malwarebytes - The system cannot find the path specified
ADWCleaner - Autolt Error - Unable to open the script file
Combofix - NSIS Error - Error launching installer
Junkware Removal Tool - Could not open the archive file "C:\Windows\system32\config\systemprofile\Desktop\JRT.exe. The system cannot find the file path specified
 
These errors occur in both normal and safe mode.
 
I have tried running DDS as advised in the Preparation Guide but I get the following error
 
dds.com - NSIS Error - Error launching installer
 
Please can one of the experts look into this for me and hopefully resolve the problems I'm having.
... Read more

Answer:Can't install virus/malware removal programs. Missing icons and favourites

Hello  stevieddj1, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

I will be analyzing your log. I will get back to you with instructions.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them wi... Read more

18 more replies
Relevance 56.99%

I run a computer store and I'm always looking for more and better programs to use. I have a list of free ones that I run through along with some other tasks as well and I find 90% of the issues that come in.

1. start in safe mode, msconfig, startup, disable all.
2. CCleaner
3. MBAM malware-bytes
4. Spybot Search and Destroy
5. Google the problem
6. Remove HD and do an avg scan from another computer

I was just curious of some of your solutions to finding bugs and whatnot.

Answer:What is your list of favorite/most effective spyware/adware/malware removal programs?

Well, I would disagree with a couple of your items.

First CCleaner is not a true removal program. Add into that using it to "clean the registry" could actually harm the system more than help it and you're just adding to the problem instead of resolving it. Next Spybot is good, but there are others out there. SuperAntispyware is another decent one, but really between Combofix and MBAM, spyware is pretty much dead.

Google is not the end-all source of information. People have to stop thinking that Google is the best place to go to find answers. Google doesn't spider every site on the internet. Microsoft sites are excluded. So if you're trying to find something that is Windows or Microsoft related, Bing is your search engine of choice. As you will find more relevant answers and more direct answers from Microsoft themselves. Using Google will only bring you to sites like this and others that have topics on the subject which may not have the answer.

Last but not least, removing the drive and putting it into another system that is using a program that doesn't have the highest detection rate doesn't serve a purpose. You already used MBAM, AVG will not find more than MBAM. This step is futile. You would be better off buying Hiren's Boot CD or a Live AV CD from Avast or Kaspersky. They would serve you more purpose than removing the drive and scanning with a program that has a lower detection rate than one you already ran.

Our site Spyware Asylum is a combination... Read more

3 more replies
Relevance 56.17%

My Lumia 950 just got locked for security reasons and it says that I have to plug it into a power source for 2 hours and then try unlocking it ... what?! Is there a faster way to unlock it? By the way, I have done nothing wrong with my phone so I have no idea why it got locked!

Answer:Locked for security reasons!!!???

There are possibilities that I can think of, though I am unaware of why it states to "plug it in for 2 hours". It's just probably forcing you to wait 2 hours before trying to unlock again.
#1, you may have had someone else when you weren't looking attempt to hack your PIN in order to gain access.
#2, It may have been unsuccessful with the Iris Recognition for some reason.
#3, It could have been locked through your Microsoft Account on the Find My Phone page.
Fastest way I know of to unlock it would be to go to the web page for your Microsoft Account, go to Find My Phone, lock the phone and provide a new pin. Once the web site tells you it has been locked, use that PIN code to unlock the phone.
If the phone was low on charge, plugging it into the USB type C cable for a rapid charge is the best answer for that. What may take 2 hours on the wireless charging pad can go a lot faster using the quick charge cable, as it can charge your phone 50% in just 30 minutes.

more replies
Relevance 56.17%

At the moment I have Microsoft Security Essentials as my security program on my Windows 7 64-bit laptop, plus a free McAfee scan. I read that one should not have too many antivirus programs, but should I have an anti-malware program as well as those mentioned above? If so, can you advise what anti-malware program is best in the freebie section? Thank you.

Answer:security programs versus anti malware.

Malwarebytes is compatible with MSE so try the free version

6 more replies
Relevance 56.17%

Hi - I found this site looking to clean my infected system. I am actually on a different computer now as my infected system (desktop - wireless) can't access security sites.

The problem started Dec 2nd, 2008. I'm running XP SP 3. The system was set up to autodownload MS updates once per day, and AV every three hours. Somehow it got infected with a nasty malware program - I'm guessing via human interaction of a family member clicking something they shouldn't have. The system has TrendMicro Internet Security 2008 running on it and had it running at the time of infection too. I've spent about 10 hours trying to clean it so far with little luck. I'd appreciate any help anyone can provide.

Symptoms:
-Running a little slow, to very slow at times, especially when downloading files. Not consistent though.

-Originally it wouldn't boot past the loading windows screen, but that has stopped now

-Trendmicro found GetModule, Adload, and Generic12.KAO but couldn't clean them. Adload and Generic aren't found anymore, and I cleaned GetModule via instructions on the TrendMicro site

-I cannot surf to any security sites (including this one) nor can I get to windowsupdate, but I can surf to msn, yahoo, etc

-tried loading AVGFree AV by downloading it to my clean laptop, burning it to cd, and then transferring it to the desktop, but it runs with errors and ends up doing nothing

-Also transferred over mbam-setup, HJTInstall, spybot, but they won'... Read more

Answer:Malware Infection on XP - can't run mbam or other security programs

I'm still discovering more information. I did a netstat -o while booted in normal running mode, without any network connections of my own open, and found many entries all mapped to a process ID of 1512. This PID lists in my task manager as svchost.exe. In the netstat -o results, http connections are open to the following:

-All are listed as CLOSE_WAIT at the moment. I doubt the IPs or domains will help in resolving my issue, but I thought I'd include them just in case. Also, if they aren't other unsuspecting infected computers, maybe this information will be read by someone who can help add their info to security tools/scanners.

5 more replies
Relevance 55.76%

Why does my antivirus rename malware? I am using TalkTalk online premium security
 

Answer:malware renamed by antivirus

Welcome to Major Geeks!

I have no idea what you are referring to. TalkTalk is not an antivirus program. It is some kind of broadband carrier. What is the antivirus package that they have given you and what exactly are you referring to as being renamed?
 

3 more replies
Relevance 55.76%

The malware affecting my computer sometime prevents me from viewing a web page I want to look at. For instance, I might type a search in google. When I click on one of the web pages in the search results, I will instead be directed to another page, often times an advertisement or other search page featuring words similar to the ones I typed in the google search. I'm not always redirected; sometimes I get to look at the actual page I clicked on. It's probably one out of two times that I'm redirected.

The malware appears to be blocking spyware removal programs like ad-aware.

Here are my logs:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume3
Install Date: 11/7/2008 9:39:36 PM
System Uptime: 6/12/2009 8:42:11 AM (28 hours ago)

Motherboard: Dell Inc. | | 0D500F
Processor: Intel® Core™2 Duo CPU T8100 @ 2.10GHz | Microprocessor | 2100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 136 GiB total, 90.288 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.332 GiB free.
E: is CDROM (CDFS)
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP129: 3/25/2009 - Scheduled Checkpoint
RP130: 3/27/2009 12:13:05 AM - Windows Update
RP131: 3/27/2009 2:56:04 PM - Scheduled Checkpoint
RP132: 3/29/2009 3:01:05 PM - Scheduled Checkpoin... Read more

Answer:Malware is redirecting my internet searches to different web pages/The program is blocking ad-aware and other removal programs

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ... Read more

2 more replies
Relevance 55.76%

Got some sort of trojan virus. Downloaded an anti virus program which caught the virus and quarantined it. Then deleted the anti virus program because it was a process hogger.

The reason I downloaded the anti virus program was because spybot was not updating and I was getting weird internet activity such as redirects to verizon.net search page, 404 errors when I tried to install spybot (after de-installing it).

I believe the virus is still in the computer. BECAUSE i cannot even download antimalware programs from major geeks and any web site i go to related to spybot downloading get 404 error or "Internet Explorer cannot display the webpage
Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.

What you can try:
Diagnose Connection Problems

More information"

SO THIS IS MY PROBLEM. I have run cc cleaner, but am out of luck with spyware programs running, because either cannot download them, or once they are downloaded, they won't update. It seems the virus knows spybot and refuses to even let me go to spybot's web site.
 

Answer:cannot update spybot or download major geeks malware removal programs - virus trojan

Welcome to Major Geeks!

mpurchases said:
"Then deleted the anti virus program because it was a process hogger."

Very bad idea!


Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip ge... Read more

1 more replies
Relevance 55.76%

Here is my original topic in the "Am I Infected, What Do I Do?" Forum, describing all my original symptoms:
http://www.bleepingcomputer.com/forums/topic417241.html

Since the last post, the virus has completely disabled Firefox, even upon uninstalling, manually deleting all Mozilla-related files, restarting, and reinstalling, it still won't work. It gives me the same "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". Even when I had uninstalled Firefox I noticed there was a firefox.exe without the firefox logo still in the Programs\Mozilla Firefox folder. Deleted that, tried removing everything again and reinstalling, still can't get firefox open. Now this thing is starting to piss me off. I have MOST of my bookmarks backed up but not all (I know, I know...) It tried doing it with iTunes as well, but when I removed all iTunes and its services from my computer and reinstalled it now runs fine and even saved my library and play counts and everything. It seems the virus has not currently hijacked my Apple Mobile Device, Bonjour, or, iTunes, iTunesHelper services at the moment, so I'm going to re-do a scan of MiniToolBox to see if we get some different results since it showed an error in those processes, and I'll post all the required log files that I can, but anything that requires anything besides just a diagnostic scan my computer seems to kill permanently at thi... Read more

Answer:Vista virus of some kind shutting down ALL malware removal programs and altering system processes

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

33 more replies
Relevance 55.76%

this was my original topic that describes my problems: http://www.bleepingcomputer.com/forums/t/260661/please-help-me-with-advanced-virus-removal-software-cannot-even-load-windows/ i was told at the end to post this log:

Running from: H:\Documents\Win32kDiag.exe
Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB890046\KB890046
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP176.tmp\ZAP176.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21D.tmp\ZAP21D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP300.tmp\ZAP300.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mou... Read more

Answer:advanced virus removal/total security malware problem on my laptop

excuse me, i know you guys are busy, but it's been 3 days and i haven't gotten a reply yet. i thought i read somewhere that topics that don't get activity after 3 days get locked or deleted, so was just wondering about that.

even if you may not answer my question immediately, a response would be appreciated.

4 more replies
Relevance 55.76%

my device locked for security reasons msg shows that connect your device to a power source for at least two hours then restart it to try again but lock is not opened after connecting the power source 3 hours pls help me

Answer:my device has been locked for security reasons

Originally Posted by Windows Central Question: "my device locked for security reasons msg shows that connect your device to a power source for at least two hours then restart it to try again but lock is not opened after connecting the power source 3 hours pls help me"

go to a pc browser, login at https://account.microsoft.com/devices, lock your device using a new code and then unlock

more replies
Relevance 55.76%

When I open a site some programs wants 2 run java. I allow it then a message shows your security settings has stopped java. What to do?

Answer:java stopping saying security reasons

Why are Java applications blocked by your security settings?

BTW, using Java is an unnecessary security risk...especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.

Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
Microsoft: Unprecedented Wave of Java Exploitation
Ghosts of Java Haunt Users

Although Java is commonly used in business environments and many VPN providers still use it, the average user does not need to install Java software.

Why You don't need Java
W3Techs usage statistics and market share data of Java on the web
Don’t Need Java? Junk It
Is it time to give Java the boot? Experts say yes
Java: should you remove it?

I recommend just uninstalling Java if you don't use it.

* How to Completely Remove Java Using JavaRa
* How do I uninstall Java on my Windows machine?
* Information about the Java Uninstall Tool for Windows

If you're going to use Java, many security researchers and computer security organizations caution users to limit their usage and to disable Java Plug-ins or add-ons in your browsers.

If you need Java for a specific Web site, consider adopting a two-browser approach. If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox, and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site(s) that require(s) it.

Krebs On Security: ...Java

To defend against this and future Java vul... Read more

7 more replies
Relevance 55.76%

Hi!
I'm hoping for some insight or hand holding, whatever you want to call it.

AOL is giving me McAfee and I'm not sure that I want it, I have AVG and Zone Alarm. Can someone tell me which anti-virus protection is the better option?

And my computer is running very slow (for having DSL ) I think, No I know it is slow.

If someone can look at my HijackThis log and possibly tell me what I can do to remedy the problems I'm having. And maybe you'll spot some other issues I'm not aware of.

THANKS FOR YOUR TIME AND HELP

ALETHEA

Logfile of HijackThis v1.99.1
Scan saved at 2:14:20 AM, on 11/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\... Read more

Answer:Is DSL risky for security reasons and why so slow??????

6 more replies
Relevance 55.76%

We are a separate entity charity organization; however, we are also a branch of a bigger non-profit organization. Currently the CIO expressed opinions that he wants control over our network which contains 50 workstations and 6 servers. Two of those servers are database servers that contain crucial information. We are concerned that if he takes over and moves all those servers to his location, would we increase the probability of being attacked by hackers since it will become a bigger target for hackers? Currently our Internet access and emails are from them, but as far as maintaining all the workstations and servers, that is done in house. We have our own separate firewall that protects all our machines before it goes out to their network and to the Internet. Will anyone give me some reasons to stay separate from their control over our network and machines?

Many thanks for your help. Any suggestion is greatly appreciated!

ljCharlie
 

Answer:Security reasons to stay separate

6 more replies
Relevance 55.35%

The computer was infected on February 10, 2010. After removing Antivirus Soft via your topic on this subject, thought I had solved the problem, but soon found out that I was unable to download updates or software from microsoft.com. Other programs, such as McAfee, Malwarebytes and MSN Spy Sweeper are unable to download updates. Internet Explorer searches redirect, and recently, in the last day or so, been causing the computer to restart when opening, or it opens then causes a restart when opening another tab.

Thank you in advance for your assistance.

Download issue is resolved. Browser search still redirecting.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 15:09:47.23 on Sun 02/28/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.57 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton Personal Firewall *enabled* {825036E0-9F94-4752-8789-8B92454AF49B}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunes... Read more

Answer:IE search redirect/inability to download updates to security/spyware programs after removal of Antivirus Soft 2010

Please lock/delete topic. IE was fixed by reloading program.

It worked first couple of tries but then tried it again, still redirecting. Sorry for inadvertently bumping.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you... Read more

10 more replies
Relevance 55.35%

Hi Folks,

I appreciate you taking the time to help me out.

I picked up some malware last night from a streaming movie site. I've looked at a few solutions to this problem (including the advice from this site) but nothing is working for one sole reason....I can't run any programs-None. I got as far as downloading the DDS but it won't run it. My computer keeps telling me "file rundll32.exe is infected" and asking if I want to run the malware antivirus software. The only program I've been able to run is McAfee and it found nothing wrong with my computer. I can't open task manager to stop the malicious programs.

Any advice?

Thanks again.

Answer:Malware Problem - Antimalware Doctor, Security Tool, etc. Programs won't run

Hello chirpygirl,

What version of Windows is this? Try to run the tools from Safe Mode.

1 more replies
Relevance 55.35%

Hello, I would greatly appreciate any help you can provide with this issue.

I am running Windows Vista, and a little under a week ago my computer picked up a nasty virus/malware (I'm not sure which). It would open pop-up windows in Firefox, and is interfering/evading all of my attempts to get rid of it.

I tried running AVG Free 2012 to get rid of it, but most of the time it blocks AVG Free anti-virus from working, and unless I run the repair utility I can't get AVG working again (and when I do get it working, the AVG scan is clean).

I installed Malwarebyte's Anti-Malware, and while it runs in the taskbar I cannot open the user interface (error message: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access them). I am trying to run it from the Administrator account, and even after going into the command lines and taking ownership of the folder & mbam.exe, my access is denied. While I am connected to the internet (whether I have a browser open or not), Anti-Malware does pop up messages frequently that it is blocking access to a potentially malicious website, from either firefox.exe or svchost.exe.

I successfully installed HiJackThis, but when I try to run the program I am told I have insufficient privileges to access HiJackThis.exe.

I installed Spybot Search & Destroy, and it did not detect anything on the full scan it performed.

My Windows Firewall has been turned off (not by me), and when I try to tu... Read more

Answer:Vista infected with malware/virus blocking my security programs

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422234 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

8 more replies
Relevance 54.94%

Hello Folks!!!

The consensus is that Firefox is safer than IE6 or 7 for that matter. I have it downloaded version 1.8.0.7: 2006090918 but NOT configured properly. I understand that I should keep IE because some sites require it. I wish to make the move though.

I would like to configure Firefox for security re: pop-ups, Scripting, Java issues, Cookies, signed/unsigned---YOU folks know all the issues.

Can you transfer the "favorites" list precisely?

You guys/gals are doing the Lords work here...I really do NOT know how you keep up.....

Answer:Making Switch To Firefox-security Reasons......

Click on Tools/ click on options/ click on general tab and put check in box to set firefox as default browser; click content tab and put check in all boxes except "for the originating web site only"; click on downloads tab and put check in "show download manager when a download manager begins"; click on Advanced tab/ uncheck the two boxes under "accessibility"/ check the three boxes under "browsing"/click on update tab/ check the three boxes under "automatically check for updates to:"/ under "when updates to Firefox are found" check "ask me every time"; click on security tab/ check the three boxes under "protocols"/ Under certificates check "select one automatically"; click privacy tab/ check box next to "allow sites to set cookies", check box "for the originating site only" and uncheck "unless I have removed cookies set by the site". In the drop down window select "ask me every time"

--------------------------------------------------------------------------------

Install plugins for Java, media programs
Install Site Advisor extension
Install NoScript extension (blocks driveby malware installs and advertising)
Install Adblock extension
Install flash plugins
Install IE View Lite extension
Check the extensions that are available. There are hundreds. The ones I listed here are safe and updated regularly.
Other extensions are not up to... Read more

18 more replies
Relevance 54.94%

I first noticed a problem when I was using my computer and the screen just went black. I rebooted and before fully doing so the computer went to a screen saying that windows was shutting down to protect my computer with some technical jargon that I unfortunately can't copy paste here or anything, but it's one of those blue screens with very plain text...hopefully you know what I mean. Anyway, when I was finally able to get to my desktop, I couldn't change the background, which had a warning about spyware on my computer. I fixed that problem and can change the background, but Windows will continue to try to reboot all the time. I am also having trouble uninstalling Norton anti-virus, which was added in naivety but I already have another anti-virus. It freezes when I click on changing it in add/remove programs. Any help is REALLY appreciated.

Deckard's System Scanner v20071014.68
Run by Brett Goodman on 2008-07-07 20:27:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.5 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-07 20:27:28
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.11)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32... Read more

Answer:Windows keeps trying to shut down and reboot for security reasons HELP

BUMP, please!!!!! I could really use some help here. Thanks.

3 more replies
Relevance 54.94%

I have a HP Pavilion x2 running Windows 10 (fully up to date).

Normally I sign in with a PIN however recently every couple of times I try to use the PIN it comes up with the following.

"This sign in option has been locked out for security reasons. Use a different sign in or connect your device to a power source for 2 hours then re-start it and try again."

It is possible to sign in with a password still after choosing this from "sign in options".

So far I've performed a System Reset and also deleted and re-input the password but the problem always returns.

More replies
Relevance 54.94%

it written to connect the phone to power source for 2 hours and try again i done that
but no use

Answer:My Lumia 535 is locked for security reasons . How do I unlock it ?

You can reset it using the software recovery tool but it will wipe all the data from the device.

12 more replies
Relevance 54.53%

hello, a friend has dropped off a broken windows xp computer with me for repair. They followed http://www.bleepingcomputer.com/virus-remo...-security-suite this guide section 'automated removal section and now the PC bluescreens on both normal and safemode. Looking for guidance as to what they might have broken. Thoughts? The BSOD is a stop c000021a - windows logon process system process terminated unexpectedly with a status of 0xc00000005 (0x00000000 0x00000000).

Answer:BSOD after following "automated removal instructions for security suite using malwarebytes anti-malware guide

Hi. The majority of references I see for this...are for Win 2K. XP users who have this error...don't really seem to get a resolution of any sort that I can see.

From looking at the Win 2K references, I'd say that the registry is jumbled. A repair install effort would be worth a try...but I suspect that a clean install will be the ultimate resolution.

Some Google Links.

Louis

1 more replies
Relevance 54.53%

Hi,

Could anyone suggest me how to recovery my Facebook account?
First of all: I deliberately typed all information below, to let you know exactly what I have done. So, you may be helping me more. I don't know if any the information given below will be out of my safety here in this public forum. So, if please let me informed to delete it.
My problem is ::: Whenever I open my Facebook account, I am faced with
For security reasons your account is temporarily locked
If this account reflects your real name and personal information, please help us verify it. 'Continue'

My headline points are::
•My Facebook got right now blocked is associated with my other email address 'XXX.Hotmail.com'. However, my last Facebook had been blocked and still blocked about two years ago is associated with my other email address 'XXX.Yahoo.com'
•I do no longer care about my Facebook blocked two years ago. However, I most care about my Facebook account got blocked right now.
• Even before blocking my Facebook account associated with my email address ''XXX.Hotmail.com', there have been no notifications upcoming to my email 'XXX.Hotmail.com' associated with my Facebook blocked right now. However, there have been notifications upcoming to my email 'XXX.Yahoo.com' associated with my Facebook account got blocked two years ago.
•I have not tried to open my Facebook account on another computer than the one I normally use since I don't have other device right now.
• My Fac... Read more

More replies
Relevance 54.53%

i am using lumia 640xl . unfortunately my phone is locked and message display-" your phone is locked due to some security region do charge "
if any body have idea about it how to recover except reset , then answer me....

Answer:How to unlock my windows phone which has been locked for security reasons.??

Originally Posted by Windows Central Question: "i am using lumia 640xl . unfortunately my phone is locked and message display-" your phone is locked due to some security region do charge " if any body have idea about it how to recover except reset , then answer me...."

is your phone branded?? like carrier locked?

more replies